
Give option to use the Droplet's own bootloader!

At present it appears (at least for Ubuntu) that the KVM instance for each Droplet is invoked with a kernel & initrd that are external to the Droplet's storage. This means that security updates/upgrades to the kernel from within the Droplet (e.g. *distribution security updates*) are ignored and the Droplet continues to boot with the kernel & initrd from when the Digital Ocean image was created.

1,308 votes
    Chris Wilson shared this idea
    Ananth Surya shared a merged idea: can you please add kernel 4.1.16-040116. I have some software which only works with this. Also can't VMs use grub ??
    Anonymous shared a merged idea: Support switching to in-server kernel management
    Anonymous shared a merged idea: Provide a way for internally managing kernels to all droplets including migration for older ones
    Andrew Rembrandt shared a merged idea: Specify custom kernel parameters from control panel
    Bilal shared a merged idea: Members should use own Kernels
    Anonymous shared a merged idea: dear sir I'm working on my Cloudlinux on digitalocean.com i want you to forward this problem to your senior management staffs or CEO to re
    R shared a merged idea: Centos 6.5 upstream kernel: kernel-2.6.32-431.3.1.el6
    Anonymous shared a merged idea: Archlinux kernel selection
    Anonymous shared a merged idea: New Kernels
    Amko shared a merged idea: Add Centos 5.10 Kernel 2.6.18-371.1.2.el5.go please.
    Joe LeBlanc shared a merged idea: Allow Custom Kernels - would like to have kernels with grsecurity support
    Anonymous shared a merged idea: Add CentOS kernel vmlinuz-2.6.32-358.23.2.el6.x86_64
    Sean shared a merged idea: Debian Linux Kernel 3.10-3
    Lena shared a merged idea: Kernel update for Ubuntu 12.04 LTS
    Matt Thomas shared a merged idea: Add 3.2.0-52-generic kernel support
    Anonymous shared a merged idea: Add another kernel in the list: kernel 2.6.18
    John Doe shared a merged idea: Add latest kernels for Ubuntu 13.04
    Tobias Schwab shared a merged idea: Improve Kernel Management
    Jonathan Tittle shared a merged idea: Allow Custom Kernels
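
Added example (not part of the original post, and not DigitalOcean tooling): a check, run from inside the guest, for the condition the post describes, where the kernel that is running is not the newest one installed on the Droplet's own disk. It assumes kernel images are named `/boot/vmlinuz-<version>` as on Debian, Ubuntu, Fedora and CentOS; the function names and the `--check` flag are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: does this guest actually boot the kernel installed on its own disk?
# Function names and the --check flag are hypothetical, not DigitalOcean tooling.

# newest_installed_kernel DIR
# Prints the highest version among DIR/vmlinuz-* (prints nothing if there are none).
newest_installed_kernel() {
    local dir=$1 f
    for f in "$dir"/vmlinuz-*; do
        [ -e "$f" ] || continue            # glob matched nothing
        printf '%s\n' "${f##*/vmlinuz-}"   # strip the path and the "vmlinuz-" prefix
    done | sort -V | tail -n 1             # version-aware sort (GNU coreutils)
}

# kernel_drift RUNNING_VERSION DIR
# Returns 0 if RUNNING_VERSION is the newest kernel installed in DIR,
#         1 if a newer kernel is installed but is not the one running,
#         2 if DIR holds no kernel image at all.
kernel_drift() {
    local running=$1 dir=$2 newest
    newest=$(newest_installed_kernel "$dir")
    if [ -z "$newest" ]; then
        echo "no kernel image in $dir: booted from outside the guest disk, or /boot not mounted"
        return 2
    fi
    if [ "$running" = "$newest" ]; then
        echo "ok: running $running, which is the newest installed kernel"
        return 0
    fi
    echo "STALE: running $running, newest installed is $newest"
    return 1
}

# Check this machine only when asked to: ./kernel-drift.sh --check
if [ "${1:-}" = "--check" ]; then
    kernel_drift "$(uname -r)" /boot
fi
```

A mismatch right after installing updates only means a reboot is pending; one that persists across reboots is the situation described in the post.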

    Hi,

    In my last update, I noted that certain Droplets in fact already used their own bootloaders and “internally managed” kernels. I’m glad to say that these changes have been backported to other distros as well. All new Droplets now use their own bootloader.

    We’ve also provided an upgrade path for older Droplets. In order to use the “internally managed” kernels without rebuilding your Droplet, you can now set the “DigitalOcean GrubLoader” from your Droplet’s kernel menu.

    You can read more about how this works in this tutorial:

    https://www.digitalocean.com/community/tutorials/how-to-update-a-digitalocean-server-s-kernel

    If you have any questions about the changes, please open a support ticket so the team can clarify any concerns you have.

    https://cloud.digitalocean.com/support/tickets/new

    Thanks!

    115 comments

      • Ananth Surya commented

        I just need a specific kernel version. Ideal would be to give that flexibility to us, the users... looks like grub is not used by the infra at all

      • Andy Sayler commented

        Today's security announcement is yet another reason why relying on DO to provide kernels is bad for DO users (and by proxy, bad for DO): http://arstechnica.com/security/2016/01/linux-bug-imperils-tens-of-millions-of-pcs-servers-and-android-phones/.

        Ubuntu pushed out an updated kernel early this morning (http://www.ubuntu.com/usn/usn-2871-2/), but I'm still waiting on DO to update their list of available kernels - meanwhile my DO VMs remain exposed...

      • Anonymous commented

        New droplets running recent distributions use the simplified in-server kernel management method. However, old droplets are stuck with the old method of managing kernels from the control panel, even if the user has upgraded the distribution to a recent version.

        It should be possible to switch to the in-server kernel management method.

      • Ben commented

        I'm surprised that DO hasn't said anything about progress on this issue - some of the latest images (e.g. the Ubuntu 15.04 image) DO implement internally-managed kernels. The bummer is that it's only good for new droplets. Converting already existing droplets means creating a new droplet and then moving content from the old droplet to the new one. AFAIK (unless it's changed since I found out about this), this has not yet been implemented in the Ubuntu 14.04 (LTS) image. I've got one more droplet to move over (my mail server), and I'll have all my droplets running on the internally-managed kernel.

      • Anonymous commented

        Fedora 22 now has the feature of internally managed kernels. I wish we could extend that to other droplets including a migration plan for older ones like e.g. older Fedora that were upgraded to recent Fedora (newer than or equal to 22).

      • mc0e commented

        Seriously? 3 years? I've recently put a few of a client's servers on DO. No more.

      • Sean commented

        No, on Fedora 21 you can delete the local kernel/initrd and it still boots...

      • md_5 commented

        CoreOS, FreeBSD and Fedora 21 all use their own bootloaders.... now for this to just become standard. I'll never understand why it was done this way in the first place.

      • Anonymous commented

        When I joined DO, I didn't realize that this was a limitation. Luckily, I only joined recently and haven't fully committed to DO just yet. If this doesn't get implemented soon, I'm afraid I may be forced to go elsewhere. That would be a shame because I've so far been very happy about everything else at DO.

      • Sean commented

        I've finally left for another provider because of this issue. Digital Ocean was stuck on kernel 3.2.60-1+deb7u1 for over two months after Debian released newer versions with SECURITY UPDATES. They only added the new version after I noticed this and opened a support ticket. They didn't even know there were missing updates at the time.

        They are acting very irresponsibly by taking kernel patching upon themselves and then not doing their job. It concerns me that this is probably not the only thing they have neglected -- just the easiest one to see.

      • Monkey Bonkey commented

        I have never had an Arch kernel break on me. The situation here is much worse since we can't patch stuff even when we want to...

      • Luka commented

        ETA on this is NEVER.... Same as for more space per droplet...
